For those of you who know me, Henry was my basset hound, and the fictitious name used during (ahem) special research. I'm a former intelligence officer, a professional analyst, and a blogger since 2004 writing about my experiences on the journey --information security, cyber intelligence, education, thoughts. Some love my writing, others hate it. If you like it, follow me!

Saturday, November 01, 2014

When I think intelligence, I think... how do I think like the other guy? What's he going to do? How would he operate against someone? What motivates him/her?

So someone mentioned to me that when doing business in Russia, the company had to assign someone (full time) to watch for changes in laws (mostly tax laws) that happen overnight and that, if not caught, would cause harsh and immediate fines (yet another revenue opportunity). And I thought to myself, "That's pretty extreme! Would we really need to hire someone full time?"
And today, this piece from the NY Times. Yes, others in the world do think differently. And where Putin's friends stand to profit, laws (apparently) can change on a dime.

Friday, October 31, 2014

Wapack Labs does backend work for incident response teams who don't have the ability to do it themselves. Get your blood drawn? It probably goes to a lab for workup. We do the workup.

Yesterday, we (Wapack Labs) out-briefed a report on a case where a small (100 person) company had been breached... standard stuff (although not for them!). Spyware delivered Zeus, which delivered Cryptolocker, which of course encrypted his files (and presumably more) and held them (the CEO) hostage until he paid a $600 bitcoin ransom. But it's not the incident that had me scratching my head, it's that when we passed them a half dozen Command and Control IP addresses and domains, and told him to put them in his UTM (he's got a Sonicwall) and monitor for a few minutes to see who's talking to them internally, he had no idea what I was talking about. These guys simply were not prepared... and they probably had no clue until recently that this stuff even existed.
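What "put the C2 indicators in the UTM and see who's talking to them" looks like in practice, as an added example (this is not Wapack Labs' code, nor anything from the case above): take a short list of command-and-control IPs and domains and sweep the firewall's connection log for internal source hosts that contacted any of them. The log format, the indicator values and the addresses are all constructed for illustration; real SonicWall exports use their own field names, so the parser would need to be adapted to the actual export. One caveat worth keeping: a denied connection to a C2 address is still a hit, because the host that tried to phone home is still infected.

```python
"""
Added example: sweep firewall/UTM connection logs for internal hosts that
contacted known command-and-control (C2) indicators.

Everything below (log format, indicators, addresses) is constructed for
illustration and is not taken from the incident in the post.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed stand-ins for the "half dozen C2 IPs and domains" (documentation ranges).
C2_IPS = {"203.0.113.45", "198.51.100.7"}
C2_DOMAINS = {"update-check.example", "cdn-sync.example"}

# Constructed log lines in a generic key=value firewall format (not SonicWall's own).
SAMPLE_LOG = """\
2014-10-30T09:12:01 action=allow src=192.168.1.23 dst=203.0.113.45 dpt=443 proto=tcp
2014-10-30T09:12:05 action=allow src=192.168.1.40 dst=93.184.216.34 dpt=80 proto=tcp host=www.example.com
2014-10-30T09:13:10 action=allow src=192.168.1.23 dst=198.51.100.7 dpt=8080 proto=tcp
2014-10-30T09:14:22 action=deny src=192.168.1.77 dst=203.0.113.45 dpt=443 proto=tcp
2014-10-30T09:15:00 action=allow src=192.168.1.55 dst=192.0.2.9 dpt=443 proto=tcp host=cdn-sync.example
2014-10-30T09:15:30 action=allow src=192.168.1.40 dst=192.0.2.10 dpt=443 proto=tcp host=mail.example.com
2014-10-30T09:16:00 action=allow src=10.0.0.5 dst=10.0.0.1 dpt=53 proto=udp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Split one 'timestamp key=value key=value ...' line into a dict, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    fields["ts"] = m.group("ts")
    return fields


def is_internal(ip):
    """True for RFC 1918 / private source addresses; False for garbage or public IPs."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def domain_matches(host, domains):
    """Exact match or subdomain of an indicator (www.cdn-sync.example hits cdn-sync.example)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def find_c2_contacts(log_text, c2_ips, c2_domains):
    """Return {internal_src_ip: [(timestamp, matched_indicator, action), ...]}.

    Denied connections are kept on purpose: the host still tried to reach C2.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or not is_internal(f.get("src", "")):
            continue
        matched = None
        if f.get("dst") in c2_ips:
            matched = f["dst"]
        elif "host" in f and domain_matches(f["host"], c2_domains):
            matched = f["host"]
        if matched:
            hits[f["src"]].append((f["ts"], matched, f.get("action")))
    return dict(hits)


if __name__ == "__main__":
    for src, events in sorted(find_c2_contacts(SAMPLE_LOG, C2_IPS, C2_DOMAINS).items()):
        print(f"{src}: {len(events)} contact(s)")
        for ts, ioc, action in events:
            print(f"  {ts}  {action:5}  -> {ioc}")
```

Run against the constructed sample, three internal hosts surface (one of them only through a denied connection), which is exactly the short list an IT-of-one would need to pull off the network and reimage.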

The company has SSL VPNs, a Sonicwall UTM, and that's about it as far as we can tell. The IT staff is one guy.

The CEO thought they were safe.

So here's the deal... His company, a manufacturing company, has computers, but is primarily a machine shop. So what's he to do? In his case, more IT (Security) is an overhead cost in an already competitive, tight margin business... so what's he to do? Rent or buy?

My recommendation to him? Rent. Focus on his core business of making widgets.

He's already asked for recommendations - we work with four MSSPs --who all use the intel from either Red Sky Alliance or the lab (or both) to protect their customers. We've passed on recommending others, simply because the customer feedback we receive about them has been, well, less than stellar.

Look, for a company who prefers to focus on their core, an MSSP is a wonderful thing, but it's got to fit your use model, and you've got to know what you're going to get. In the meantime, the idea of installing a suite of security tools, hiring a team, and budgeting those increasingly hard to maintain margins comes at a high price for manufacturing companies like the one we visited. MSSPs, when used correctly, are a GREAT alternative.